GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-27 09:45:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 ST1000DL rev.CC32 931,51GB
Running: gmer.exe; Driver: C:\Users\MIKOAJ~1\AppData\Local\Temp\fgloipod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff80002e0a000 63 bytes [00, 00, 0E, 02, 53, 41, 53, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592  fffff80002e0a040 72 bytes [20, 2A, D4, 07, 80, FA, FF, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076f61465 2 bytes [F6, 76]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076f614bb 2 bytes [F6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076f61465 2 bytes [F6, 76]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076f614bb 2 bytes [F6, 76]
.text  ...  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\spoolsv.exe [1496:1864]  000007fef93010c8
Thread  C:\Windows\System32\spoolsv.exe [1496:1912]  000007fef92b6144
Thread  C:\Windows\System32\spoolsv.exe [1496:1952]  000007fef8dd5fd0
Thread  C:\Windows\System32\spoolsv.exe [1496:1956]  000007fef8bc3438
Thread  C:\Windows\System32\spoolsv.exe [1496:1960]  000007fef8dd63ec
Thread  C:\Windows\System32\spoolsv.exe [1496:1968]  000007fef94e5e5c
Thread  C:\Windows\System32\spoolsv.exe [1496:1976]  000007fef9515074

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-1f-a4-f9-fb-09@ClientLocalPort  51124
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-1f-a4-f9-fb-09@TeredoAddress  2001:0:5ef5:79fd:2c51:384b:b047:1457
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch  13071
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch  6930

---- Files - GMER 2.1 ----

File  C:\Users\Mikołaj\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0431e6  0 bytes
File  C:\Users\Mikołaj\AppData\Local\Google\Chrome\User Data\Default\Session Storage\011124.ldb  0 bytes
File  C:\Users\Mikołaj\AppData\Local\Google\Chrome\User Data\Default\Session Storage\011126.ldb  0 bytes
File  C:\Users\Mikołaj\AppData\Local\Google\Chrome\User Data\Default\Session Storage\011129.ldb  0 bytes
File  C:\Users\Mikołaj\AppData\Local\Google\Chrome\User Data\Default\Session Storage\011130.log  0 bytes

---- EOF - GMER 2.1 ----